While the number of data breaches per year has doubled in the last decade, there were significantly fewer breaches in 2018 compared to 2017, according to the Identity Theft Resource Center, a nonprofit advocacy group for victims of cybercrime (see chart below). Unfortunately, cybercriminals have had greater success in accessing sensitive personal and corporate data.
The trend is gaining attention. For the second year in row, the World Economic Forum’s 2019 Global Risks Report designated various types of cyberattacks among the top five global risks. In the first quarter of 2019, special questions in the proprietary RSM US Middle Market Business Index survey found that 55 percent of middle market business leaders polled think it likely that unauthorized users will attempt to access their organization’s data or systems in 2019—a significant increase from 47 percent in 2018.
Fewer breaches, greater impact
Hackers have been able to access more records with fewer unauthorized breaches. There were 1,244 breaches in 2018, a drop of more than 20 percent from 2017, the Identity Theft Resource Center found. The year-over-year number of records exposed, however, increased by 126 percent to 447 million (above chart). Businesses had the greatest number of records exposed in 2018 compared to other categories, with far fewer breaches compared to the year before. For example, a breach of Marriott International Inc. in November 2018 affected 383 million people worldwide—more than any other breach that year—exposing payment card information, dates of birth and the passport details of Marriott guests.
We have seen an increase in middle market technology clients becoming victims of cybercrimes such as wire fraud. Technology companies should be on guard against criminals spoofing email accounts and providing false wiring instructions for planned payments
It’s important to note that it’s not just the Fortune 500 companies falling prey to cyberbreaches. The MMBI survey showed that the number of midsize companies that have experienced a data breach in the last 12 months has tripled since 2015.
In 2018, the percentage of breaches experienced by the financial services and health care industries increased to 40 percent, the ITRC reported, and these two industries generally face the highest standards for maintaining customer data. As a result, they lead all industries in the costs associated with a breach. Outside of health care records, the most commonly exposed data are social security numbers.
We have seen an increase in middle market technology clients becoming victims of cybercrimes such as wire fraud. Technology companies should be on guard against criminals spoofing email accounts and providing false wiring instructions for planned payments. Improved internal controls over the wire disbursement process can mitigate against such activity.